Merge branch 'master' into vue-mr-widget-state

* master: Split the setup-test-env job in two Remove the wait time for the login form check Fix protected branches API to accept name parameter with dot Update outdated docs for CI/CD quick start _never_ unset gitlab.full_path Backport to match EE icons Add horizontal scroll to wiki tables Update best_practices.md Remove duplicate list item in "General Guidelines" Section. Permits 'password_authentication_enabled_for_git' parameter for ApplicationSettingsController Move rugged-call from Project#write_repository_config to Git::Repository#write_config doc: Spelling fixes Update Auto DevOps template Disable scss-lint around text-decoration-skip Add text-decoration-skip: ink to all underlined elements Fix Shows signin tab after new user email confirmation Fixes mistake in change log doc.

Merge branch 'master' into vue-mr-widget-state
5de85992 · Filipa Lacerda · de6c27f6 · 68cc9ea2 · 5de85992 · 5de85992
Unverified Commit 5de85992 authored 7 years ago by Filipa Lacerda
--- a/doc/user/project/milestones/index.md
+++ b/doc/user/project/milestones/index.md
@@ -52,7 +52,7 @@ special options available when filtering by milestone:
 The milestone sidebar shows percentage complete, start date and due date,
 issues, total issue weight, total issue time spent, and merge requests.
  
-The percentage complete is calcualted as: Closed and merged merge requests plus all closed issues divided by
+The percentage complete is calculated as: Closed and merged merge requests plus all closed issues divided by
 total merge requests and issues.
  
 ![Milestone sidebar](img/sidebar.png)

--- a/doc/user/project/new_ci_build_permissions_model.md
+++ b/doc/user/project/new_ci_build_permissions_model.md
@@ -91,7 +91,7 @@ to steal the tokens of other jobs.
  
 Since 9.0 [pipeline triggers][triggers] do support the new permission model.
 The new triggers do impersonate their associated user including their access
-to projects and their project permissions. To migrate trigger to use new permisison
+to projects and their project permissions. To migrate trigger to use new permission
 model use **Take ownership**.
  
 ## Before GitLab 8.12

--- a/doc/user/project/pages/introduction.md
+++ b/doc/user/project/pages/introduction.md
@@ -373,7 +373,7 @@ configuration.
 If the case of `404.html`, there are different scenarios. For example:
  
 - If you use project Pages (served under `/projectname/`) and try to access
-  `/projectname/non/exsiting_file`, GitLab Pages will try to serve first
+  `/projectname/non/existing_file`, GitLab Pages will try to serve first
  `/projectname/404.html`, and then `/404.html`.
 - If you use user/group Pages (served under `/`) and try to access
  `/non/existing_file` GitLab Pages will try to serve `/404.html`.

--- a/lib/api/protected_branches.rb
+++ b/lib/api/protected_branches.rb
@@ -2,7 +2,7 @@ module API
  class ProtectedBranches < Grape::API
    include PaginationParams
  
-    BRANCH_ENDPOINT_REQUIREMENTS = API::PROJECT_ENDPOINT_REQUIREMENTS.merge(branch: API::NO_SLASH_URL_PART_REGEX)
+    BRANCH_ENDPOINT_REQUIREMENTS = API::PROJECT_ENDPOINT_REQUIREMENTS.merge(name: API::NO_SLASH_URL_PART_REGEX)
  
    before { authorize_admin_project }
  

--- a/lib/gitlab/git/repository.rb
+++ b/lib/gitlab/git/repository.rb
@@ -1317,6 +1317,10 @@ module Gitlab
      end
      # rubocop:enable Metrics/ParameterLists
  
+      def write_config(full_path:)
+        rugged.config['gitlab.fullpath'] = full_path if full_path.present?
+      end
+
      def gitaly_repository
        Gitlab::GitalyClient::Util.repository(@storage, @relative_path, @gl_repository)
      end

--- a/qa/qa/page/main/login.rb
+++ b/qa/qa/page/main/login.rb
@@ -19,15 +19,17 @@ module QA
        end
  
        def sign_in_using_credentials
-          if page.has_content?('Change your password')
+          using_wait_time 0 do
+            if page.has_content?('Change your password')
+              fill_in :user_password, with: Runtime::User.password
+              fill_in :user_password_confirmation, with: Runtime::User.password
+              click_button 'Change your password'
+            end
+
+            fill_in :user_login, with: Runtime::User.name
            fill_in :user_password, with: Runtime::User.password
-            fill_in :user_password_confirmation, with: Runtime::User.password
-            click_button 'Change your password'
+            click_button 'Sign in'
          end
-
-          fill_in :user_login, with: Runtime::User.name
-          fill_in :user_password, with: Runtime::User.password
-          click_button 'Sign in'
        end
  
        def self.path

--- a/spec/controllers/admin/application_settings_controller_spec.rb
+++ b/spec/controllers/admin/application_settings_controller_spec.rb
@@ -51,6 +51,13 @@ describe Admin::ApplicationSettingsController do
      sign_in(admin)
    end
  
+    it 'updates the password_authentication_enabled_for_git setting' do
+      put :update, application_setting: { password_authentication_enabled_for_git: "0" }
+
+      expect(response).to redirect_to(admin_application_settings_path)
+      expect(ApplicationSetting.current.password_authentication_enabled_for_git).to eq(false)
+    end
+
    it 'updates the default_project_visibility for string value' do
      put :update, application_setting: { default_project_visibility: "20" }
  

--- a/spec/javascripts/signin_tabs_memoizer_spec.js
+++ b/spec/javascripts/signin_tabs_memoizer_spec.js
@@ -53,6 +53,13 @@ import SigninTabsMemoizer from '~/pages/sessions/new/signin_tabs_memoizer';
      expect(memo.readData()).toEqual('#standard');
    });
  
+    it('overrides last selected tab with hash tag when given', () => {
+      window.location.hash = '#ldap';
+      createMemoizer();
+
+      expect(memo.readData()).toEqual('#ldap');
+    });
+
    describe('class constructor', () => {
      beforeEach(() => {
        memo = createMemoizer();

--- a/spec/javascripts/vue_mr_widget/components/states/mr_widget_ready_to_merge_spec.js
+++ b/spec/javascripts/vue_mr_widget/components/states/mr_widget_ready_to_merge_spec.js
@@ -170,14 +170,14 @@ describe('MRWidgetReadyToMerge', () => {
        expect(vm.iconClass).toEqual('success');
      });
  
-      it('shows x for failed status', () => {
+      it('shows warning icon for failed status', () => {
        vm.mr.hasCI = true;
-        expect(vm.iconClass).toEqual('failed');
+        expect(vm.iconClass).toEqual('warning');
      });
  
-      it('shows x for merge not allowed', () => {
+      it('shows warning icon for merge not allowed', () => {
        vm.mr.hasCI = true;
-        expect(vm.iconClass).toEqual('failed');
+        expect(vm.iconClass).toEqual('warning');
      });
    });
  

--- a/spec/requests/api/protected_branches_spec.rb
+++ b/spec/requests/api/protected_branches_spec.rb
@@ -80,6 +80,12 @@ describe API::ProtectedBranches do
  
        it_behaves_like 'protected branch'
      end
+
+      context 'when protected branch contains a period' do
+        let(:protected_name) { 'my.feature' }
+
+        it_behaves_like 'protected branch'
+      end
    end
  
    context 'when authenticated as a guest' do

--- a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml
+++ b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml
@@ -42,6 +42,7 @@ stages:
  - build
  - test
  - review
+  - dast
  - staging
  - canary
  - production
@@ -130,6 +131,23 @@ sast:container:
  artifacts:
    paths: [gl-sast-container-report.json]
  
+dast:
+  stage: dast
+  allow_failure: true
+  image: owasp/zap2docker-stable
+  variables:
+    POSTGRES_DB: "false"
+  script:
+    - dast
+  artifacts:
+    paths: [gl-dast-report.json]
+  only:
+    refs:
+      - branches
+    kubernetes: active
+  except:
+    - master
+
 review:
  stage: review
  script:
@@ -270,8 +288,8 @@ production:
    docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
    apk add -U wget ca-certificates
    docker pull ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG}
-    wget https://github.com/arminc/clair-scanner/releases/download/v6/clair-scanner_linux_386
-    mv clair-scanner_linux_386 clair-scanner
+    wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
+    mv clair-scanner_linux_amd64 clair-scanner
    chmod +x clair-scanner
    touch clair-whitelist.yml
    ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} || true
@@ -327,6 +345,12 @@ production:
      replicas="$new_replicas"
    fi
  
+    if [[ "$CI_PROJECT_VISIBILITY" != "public" ]]; then
+      secret_name='gitlab-registry'
+    else
+      secret_name=''
+    fi
+
    helm upgrade --install \
      --wait \
      --set service.enabled="$service_enabled" \
@@ -334,6 +358,7 @@ production:
      --set image.repository="$CI_APPLICATION_REPOSITORY" \
      --set image.tag="$CI_APPLICATION_TAG" \
      --set image.pullPolicy=IfNotPresent \
+      --set image.secrets[0].name="$secret_name" \
      --set application.track="$track" \
      --set application.database_url="$DATABASE_URL" \
      --set service.url="$CI_ENVIRONMENT_URL" \
@@ -462,6 +487,11 @@ production:
  }
  
  function create_secret() {
+    echo "Create secret..."
+    if [[ "$CI_PROJECT_VISIBILITY" == "public" ]]; then
+      return
+    fi
+
    kubectl create secret -n "$KUBE_NAMESPACE" \
      docker-registry gitlab-registry \
      --docker-server="$CI_REGISTRY" \
@@ -471,6 +501,14 @@ production:
      -o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f -
  }
  
+  function dast() {
+    export CI_ENVIRONMENT_URL=$(cat environment_url.txt)
+
+    mkdir /zap/wrk/
+    /zap/zap-baseline.py -J gl-dast-report.json -t "$CI_ENVIRONMENT_URL" || true
+    cp /zap/wrk/gl-dast-report.json .
+  }
+
  function performance() {
    export CI_ENVIRONMENT_URL=$(cat environment_url.txt)